[Pkg-nginx-maintainers] Bug#1050571: Bug#1050571: reportbug: nginx normalises "Status: 123 " and "Status: 123" to invalid "HTTP/1.1 123" (must be "HTTP/1.1 123 ")

[Jérémy Lal]

Le sam. 26 août 2023 à 14:21, наб <nabijaczleweli at nabijaczleweli.xyz> a
écrit :

> Package: nginx
> Version: 1.24.0-1
> Severity: normal
>
> Dear Maintainer,
>
> Test setup:
> -- >8 --
> #!/bin/sh
> printf '%s\n' "Status: ${DOCUMENT_URI##*/}" 'Content-Type: text/plain' ''
> "${DOCUMENT_URI##*/}"
> -- >8 --
> in /tmp/cgi and
> -- >8 --
> server {
>         listen 127.1.2.3:80;
>         location / {
>                 fastcgi_pass unix:/run/fcgiwrap.socket;
>                 include /etc/nginx/fastcgi_params;
>                 fastcgi_param SCRIPT_FILENAME /tmp/cgi;
>         }
> }
> -- >8 --
> in /etc/nginx/sites-enabled/demo.
>
> Naturally, this program returns "Status: {request path without /}",
> with body "{request path without /}" and whatever padding to make
> it palatable to nginx.
>
> Now, the abridged bug (full log attached, but it's not exciting):
> -- >8 --
> $ curl -s -vvv http://127.1.2.3/'404%20Zupa' 2>&1 | cat -A
> > GET /404%20Zupa HTTP/1.1^M$
> < HTTP/1.1 404 Zupa^M$
> < Server: nginx/1.24.0^M$
> 404 Zupa$
>
> $ curl -s -vvv http://127.1.2.3/'404%20' 2>&1 | cat -A
> > GET /404%20 HTTP/1.1^M$
> < HTTP/1.1 404^M$
> < Server: nginx/1.24.0^M$
> 404 $
>
> $ curl -s -vvv http://127.1.2.3/'404' 2>&1 | cat -A
> > GET /404 HTTP/1.1^M$
> < HTTP/1.1 404^M$
> < Server: nginx/1.24.0^M$
> 404$
>
> $ curl -s -vvv http://127.1.2.3/'40' 2>&1 | cat -A
> > GET /40 HTTP/1.1^M$
> < HTTP/1.1 502 Bad Gateway^M$
> < Server: nginx/1.24.0^M$
> <html>^M$
> <head><title>502 Bad Gateway</title></head>^M$
> <body>^M$
> <center><h1>502 Bad Gateway</h1></center>^M$
> <hr><center>nginx/1.24.0</center>^M$
> </body>^M$
> </html>^M$
> -- >8 --
> (yes, I straced fcgiwrap, it doesn't mangle the Status lines).
>
> Case-wise:
>   "404 Zupa" correct! it's a valid 404
>   "40"       correct! it's invalid, 502ing is sensible
> but
>   "404 "     wrong!
>   "404"      wrong!
>
> Both are normalised by nginx to "HTTP/1.1 404",
> which is invalid accd'g to RFC9112 (I think that's the current standard?):
>   https://www.rfc-editor.org/rfc/rfc9112.html#name-collected-abnf
> which says
>   start-line = request-line / status-line
>   status-code = 3DIGIT
>   status-line = HTTP-version SP status-code SP [ reason-phrase ]
>
> Naturally, nginx is producing a status-line without the second SP,
> which is wrong!
>
> Repros on sid and bookworm.
>

Forwarded to nginx mailing list, should appear here:
https://mailman.nginx.org/pipermail/nginx/2023-August/thread.html

Jérémy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nginx-maintainers/attachments/20230826/44bf64e6/attachment.htm>